CVE-2025-12419— Account takeover on OAuth/OpenID-enabled servers

Account takeover on OAuth/OpenID-enabled servers

Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of authentication data during the OAuth completion flow. This requires email verification to be disabled (default: disabled), OAuth/OpenID Connect to be enabled, and the attacker to control two users in the SSO system with one of them never having logged into Mattermost.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

认证算法的不正确实现

Mattermost 安全漏洞

Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost存在安全漏洞，该漏洞源于OAuth状态令牌验证不足，可能导致账户接管。以下版本受到影响：10.12.1及之前的10.12.x版本、10.11.4及之前的10.11.x版本、10.5.12及之前的10.5.x版本和11.0.3及之前的11.0.x版本。

N/A

N/A